CODEWITHSUNDEEP
php
DigitalNuke
DigitalNuke

Reputation: 13

PHP and MySQL select

Okay so I'm making php that will pull every entry from a data base that matches the name you put in a textbox. so here is a image of the database https://i.sstatic.net/LvmrM.png < screen shot of database

So if i where to put "DigitalNuke" in the textbox and hit the submit button I want only the rows that have "DigitalNuke" as the value in the second column "referrer"

<form ACTION="" METHOD=post>
<div class="input-append">
  <input class="span2" id="youruser" type="text" name="youruser" placeholder="Your Username">
  <button class="btn btn-success" type="submit">Retrive</button>
</div>
</form>
<?php
   require_once 'connect.php';
   $name = isset($_POST['youruser']);
   $conn=  mysqli_connect ($dbhost,$dbuser,$dbpass,$dbname)or die(mysqli_error());
   $query1 = "SELECT 'id', 'referrer', 'username', 'brigade', 'faction', 'activity' FROM refmems WHERE referrer='$name";
   $result = mysqli_query($conn, $query1)
      or die('Error querying the database: ');
  echo '<table class="table table-bordered">';
  echo '<caption>Your Referred Members</caption>' . '<thead><tr><th>ID</th>' . '<th>Username</th>' . '<th>Brigade</th>' . '<th>Faction</th>' . '<th>Activity</th>' . '</tr></thead>';
      while ($row = mysqli_fetch_array($result)) {
  echo "<tr class='success'><td>" . $row['id'] . "</td><td>" . $row['username'] . "</td><td>" . $row['brigade'] . "</td><td>" . $row['faction'] . "</td><td>" . $row['activity'] ."</td></tr>";     
}
?>

So as of now it doesn't do anything when I hit the submit button. Well it kind of works, except for instead of pulling the data from the table, it just puts id, username, brigade, faction, activity in each row of the generated table. https://i.sstatic.net/XF71h.png < screen shot

Any help would be appreciated, if you need anything else let me know and i'll post it.

Upvotes: 1

Views: 58

Answers (2)

s_ha_dum
s_ha_dum

Reputation: 2850

Your syntax is broken.

"SELECT id, referrer, username, brigade, faction, activity FROM refmems WHERE referrer='$name"

There is no closing single quote after $name, and the fields don't get quoted (or use backticks but it isn't necessary).

Also, you are asking for trouble. You've got user input with no validation/sanitization.

Upvotes: 0

kittycat
kittycat

Reputation: 15045

 $query1 = "SELECT 'id', 'referrer', 'username', 'brigade', 'faction', 'activity' FROM refmems WHERE referrer='$name";

should be:

 $query1 = "SELECT `id`, `referrer`, `username`, `brigade`, `faction`, `activity` FROM refmems WHERE referrer='$name'";

Also learn how to use prepared statements for MySQLi. Your code is open to SQL injection.

Upvotes: 1

Related Questions